This blog is about the Linux Command Line Interface (CLI), with an occasional foray into GUI territory.
Instead of just giving you information like some man page, I hope to illustrate each command in real-life scenarios.

Saturday, October 19, 2013

This is a step-by-step guide for connecting to a WPA/WPA2 WiFi network via the Linux command line interface. The tools are:

wpa_supplicant

iw

ip

ping

iw is the basic tool for WiFi network-related tasks, such as finding the WiFi device name, and scanning access points. wpa_supplicant is the wireless tool for connecting to a WPA/WPA2 network.
ip is used for enabling/disabling devices, and finding out general network interface information.

The steps for connecting to a WPA/WPA2 network are:

Find out the wireless device name.

$ /sbin/iw dev
phy#0
    Interface wlan0
        ifindex 3
        type managed

The above output shows that the system has 1 physical WiFi card, designated as phy#0. The device name is wlan0. The type specifies the operation mode of the wireless device. managed means the device is a WiFi station or client that connects to an access point.

The 2 important pieces of information from the above are the SSID and the security protocol (WPA/WPA2 vs WEP).
The SSID from the above example is gorilla. The security protocol is RSN, also commonly referred to as WPA2.
The security protocol is important because it determines what tool you use to connect to the network.

Connect to WPA/WPA2 WiFi network.

This is a 2-step process. First, you generate a configuration file for wpa_supplicant that contains the pre-shared key ("passphrase") for the WiFi network.

wpa_passphrase takes the SSID as the single argument. You must type in the passphrase for the WiFi network gorilla after you run the command. Using that information, wpa_passphrase will output the necessary configuration statements to the standard output. Those statements are appended to the wpa_supplicant configuration file located at /etc/wpa_supplicant.conf.
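The configuration step described above, as an added example that is not from the original post: wpa_passphrase repeats the passphrase in clear text as a #psk="..." comment, so this sketch drops that line and keeps the configuration file readable by its owner only. The function names and the sample block are assumptions made for illustration, and the hex key is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the original post).

# append_wpa_network CONF
#   Reads a wpa_passphrase-style network block on stdin, drops the
#   '#psk="..."' comment that repeats the passphrase in clear text,
#   and appends the rest to CONF, which is left at mode 600.
append_wpa_network() {
    conf=$1
    old_umask=$(umask)
    umask 077                      # a newly created file gets mode 600
    # Remove only the commented plaintext line; keep the hashed psk= line.
    sed '/^[[:space:]]*#psk=/d' >> "$conf"
    status=$?
    umask "$old_umask"
    chmod 600 "$conf" || return 1  # tighten a pre-existing file as well
    return "$status"
}

# Constructed sample of what wpa_passphrase prints (placeholder key).
sample_block() {
    cat <<'EOF'
network={
    ssid="gorilla"
    #psk="example passphrase"
    psk=0000000000000000000000000000000000000000000000000000000000000000
}
EOF
}

# Typical use on a real system, run as root (hypothetical invocation):
#   wpa_passphrase gorilla | append_wpa_network /etc/wpa_supplicant.conf
```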

The above routing table contains only 1 rule which redirects all traffic destined for the local subnet (192.168.1.x) to the wlan0 interface.
You may want to add a default routing rule to pass all other traffic through wlan0 as well.

The above series of steps is a very verbose explanation of how to connect to a WPA/WPA2 WiFi network.
Some steps can be skipped as you connect to the same access point for a second time. For instance, you already know the WiFi device name, and the configuration file is already set up for the network. The process needs to be tailored according to your situation.

Saturday, October 12, 2013

screen is a powerful terminal session manager with many use cases. One such use case is to start a long-running Command Line Interface (CLI) program in a terminal session, detach the session while leaving the program running unattended, log out, and return to the same session later from another terminal.

Let's examine how you would use screen in a real-life situation.

Imagine the time is 15 minutes to the end of your work day. But before you can leave, you have to run a program that will run for an hour. You don't want to wait around until it finishes in order to check the output. What you want is to start the program, leave, and check the output when you get home.

Assuming you have access to the work machine from home, this is how you would do it using screen.

Start a new screen session.

From a shell, run this command:

$ screen -S mondaySession

Note that the existing screen is immediately reset to blank. You have a new terminal session.

The -S parameter lets you specify a name for the session. This makes it easier for you to come back to it later.

Detaching the session does not mean you are suspending its operation. In fact, the session, including the long program, is still running in the background. Detaching a session leaves the program running unattended while you travel home.

To detach a session, send the appropriate command keyboard shortcut to screen. While a screen session is active, screen listens constantly for keyboard shortcuts. For this specific example, hit the key sequence Control-a d. This means press the Ctrl key and the 'a' key together and release, and then press the 'd' key.

Disclaimer:
No discussion nowadays about screen is complete without the following disclaimer. tmux is a newer command that does similar things to screen. You can achieve the same effect described in this blog post using tmux. For now, however, you are more likely to find screen installed on a Linux box than tmux. I still find it useful to know the screen command.

Tuesday, October 8, 2013

Often, ssh is configured to disallow root from logging in directly.
To get root access, the administrator first logs in as a non-privileged user, and then uses sudo to become root.

There can be many reasons why you don't want root to log in directly. You may be concerned about security. Brute force attacks by guessing the password are common.
In addition to security, you may be concerned about traceability. If there is more than 1 administrator on a system, and they can all log in as root, then it is impossible to trace who did what (after all, it is the same root account).

As an alternative, we can configure sshd such that root can log in remotely and directly, but only with public key authentication. From the security perspective, public key authentication offers much better protection than password authentication. If being able to trace the user is not that important (say there is only 1 root user), then you may wish to consider such a configuration. Note: remote login by root using password authentication is still disallowed.
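One way to check which of these policies a server's configuration expresses, as an added example that is not from the original post: OpenSSH's PermitRootLogin keyword takes without-password (named prohibit-password in newer releases) for the key-only setup described above. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumes whitespace-separated "Keyword value" lines; Include files and
# Match blocks are not followed.

# root_login_policy [FILE]
#   Prints the first global PermitRootLogin value from an sshd_config-style
#   FILE (or stdin). sshd keeps the first value it obtains for a keyword;
#   keywords are case-insensitive, values are not. Prints "unset" when the
#   keyword does not appear before the first Match block.
root_login_policy() {
    awk '
        { sub(/#.*/, "") }                   # strip comments
        tolower($1) == "match" { exit }      # conditional section starts
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$@"
}

# classify_root_login [FILE]
#   Maps that value to what it means for remote root logins.
#   "password-permitted" still depends on PasswordAuthentication being on;
#   "version-default" means the built-in default of the installed OpenSSH.
classify_root_login() {
    case $(root_login_policy "$@") in
        without-password|prohibit-password) echo key-only ;;
        yes)                  echo password-permitted ;;
        no)                   echo disabled ;;
        forced-commands-only) echo forced-commands-only ;;
        unset)                echo version-default ;;
        *)                    echo unknown ;;
    esac
}

# Constructed sample: the later "yes" line has no effect.
sample_config() {
    cat <<'EOF'
# PermitRootLogin yes
PermitRootLogin without-password
PasswordAuthentication yes
PermitRootLogin yes
EOF
}
```

On a live host, sshd -T (run as root) prints the effective configuration, including the Include and Match handling that this sketch skips.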